The case of European politicians investigating Pegasus spyware only to find the same software on their own devices has drawn sharp condemnation. One European Parliament member called the discovery a direct attack on the rule of law. The phrase "EU Politicians Investigated Pegasus Spyware, Then It Ended Up, Their Phones" captures the alarming circularity of the affair.

What You Need to Know

Pegasus, developed by the Israeli company NSO Group, is a powerful spyware tool that can infect mobile devices and extract data and audio. Citizen Lab, a cybersecurity research group at the University of Toronto, has documented its use against journalists, activists and now lawmakers. The latest findings show that even those tasked with overseeing surveillance are not immune from being targets themselves.

Targeting the Investigators

Citizen Lab’s analysis revealed that multiple members of the European Parliament had Pegasus infections on their phones. The researchers linked the infections to state actors that had previously been customers of NSO Group. The affected politicians were part of a committee examining the misuse of spyware across the European Union.

The discovery confirms a pattern that cybersecurity experts have long warned about. Once spyware tools are available to governments, they can be turned against any target, including those who seek accountability.

Threat to Democratic Oversight

The incident strikes at the heart of democratic governance. When lawmakers investigating surveillance become surveillance targets themselves, the entire oversight process is undermined. The European Parliament member quoted by Citizen Lab emphasized that this is not just a privacy breach but an assault on democratic institutions.

Several governments that have purchased Pegasus have faced allegations of using it to monitor political opponents, human rights defenders and journalists. The targeting of EU politicians adds a new dimension: the weaponization of spyware against the very bodies meant to regulate it.

Technical and Legal Gaps

The infections highlight several gaps in current protections:

  • Mobile device security: Even high-profile targets lack reliable defenses against zero-click exploits used by Pegasus.
  • Export controls: NSO Group has faced restrictions, but secondary markets and resellers still allow spyware to reach abusive regimes.
  • Attribution challenges: Identifying the specific state actor behind each infection remains difficult, complicating diplomatic or legal responses.

These gaps allow surveillance to persist despite public condemnation and regulatory efforts.

Why This Matters

The targeting of EU politicians changes the stakes for spyware regulation. Until now, the victims were often civil society figures with limited political power. Now the integrity of parliamentary oversight is directly compromised. Without stronger controls, any government with access to Pegasus can silence its critics and disable the checks that democracies rely on. The European Union is expected to push for tighter export restrictions and possibly sanctions against NSO Group and similar companies. But the broader question is whether any state can be trusted with advanced surveillance tools when they so easily become weapons of political repression.